GPO not applying

[Guest]

this is sort of a two-parter:

1) We have a W2K Svr DC. Using GPMC from XP box, edited GPO at Computer
Configuration\Administrative Templates\Network\DNSClient so that all PCs
would use 2 internal DNS servers (the W2K and a W2K3 member server). Forced
update on W2K DC and some PCs to verify propogation but had not, even after
waiting an hour to be sure. Ran gpresult on an XP Pro PC and saw...

GPO: [GPO name]-GPO
Setting: Software\Policies\Microsoft\Windows NT\DNSClient
State: Enabled

Actually, there were two instances of this. How can I know what specific
policy each of them are actually referring to?

And the main question: So why is it not set when I look in that PC's TCP/IP
settings?

2) Now when I go back to the GPMC or on the W2K DC itself and look in the
GPO's Computer Configuration\Administrative Templates\Network part, the DNS
Client, as well as most other items, are now gone! Only 'Offline Files' and
'Network and Dial-up...' are there! The only place DNSClient is now is
under AdmiTempl\System and only includes DNS Suffix. What happened?

Thanks in advance.

 

[Denis Wong @ Hong Kong]

Hi mikeindo,

Have you tried to install the Administration Tools on your XP to manage the
GPO in AD? If not, pls try it.

br,
Denis

 

[Guest]

I'll defer to Darren - GP MVP. Check out his troubleshooting page

http://www.gpoguy.com/FAQs/troublefaq.htm


Gpotool is a great tool (described on Darren's page).

Are you seeing any related events in your logs?

 

[Guest]

Have you tried to install the Administration Tools on your XP to manage the

GPO in AD? If not, pls try it.

yes, i have. but since i've also installed the GPMC, the XP Admin Tools' AD
Users & Comps defers to it instead of allowing you to use the XP's AD U&Cs
'link' to edit GPOs.

might it have something to do with ADM profiles loaded from wrong place
(like the XP box) or something?

 

[Guest]

On both the DC and several XP clients, the Event Log's Application log says
everything was applied successfully. I used GPOTool (although it seems it's
better used for DC-to-DC troubleshooting rather than DC-to-client), and its
DS and SYSVOL versions matched - "Policies OK". Used GPResult again on a
client and, again, two instances of "Software\Policies\Microsoft\Windows
NT\DNSClient" (which is which?) were enabled. But the clients are still not
getting the DNS servers applied! And as for DNS-related settings not
appearing at all in the GPO itself now, as I replied above, might it have
something to do with other ADM files being loaded from my XP box since I used
GPMC?

 

[Guest]

i should also mention that in the GPMC, i open the GPO in question and go to
the Settings tab to show a graphical view of what i've set. those DNS server
settings are in fact there, under Computer Config/Admin Templates/Network/DNS
Client, set as enabled. also, Dynamic Updating is set as enabled (i'd set
that) in the same section. again, part of the problem, is getting back there
(/Admin Templates/Network/DNS Client) to make any tweaks - i just can't get
there!

 

[Guest]

thinking aloud again, i dont suppose it has anything to do with the clients
using static TCP/IP info, does it? the users on most (but not all) of these
clients are local admins, but i know that shouldnt be a problem cuz i've set
other policies that have successfully applied. for those clients that use
DHCP, they're getting the right DNS servers, but i think it's cuz of the DHCP
server - not the GPO...

 

[Denis Wong @ Hong Kong]

Hi,

I'll suggest you first try to install the updated ADM files to make sure the
policy is processed in the same way.

Group Policy ADM Files
http://www.microsoft.com/downloads/...4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en

br,
Denis

 

[Guest]

I'll suggest you first try to install the updated ADM files to make sure the

policy is processed in the same way.

i followed your link. you mean install/reinstall/replace the W2K ADM files
on the W2K server? or the XPSP2 (all our clients are) ADM files on my XPSP2
PC? or the XPSP2 ADM files on the W2K server? i'm sorry, i'm just not
sure...

what about what this guy said?
http://tinyurl.com/94gd2

 

[Guest]

Futher development: downloaded ADM files from link above. Compared to what
was already in XP's WINDOWS\inf folder - they're the same! Date Modified (in
2004) and sizes are exactly the same! So wouldnt that mean the ADM files had
in fact NOT been loaded from my XP over the W2K server's ADM files?

 

[Denis Wong @ Hong Kong]

Hi,

Pls take a look at this article. The point is whether your DC get the
updated ADM files.

Upgrading Windows 2000 Group Policy for Windows XP
http://support.microsoft.com/?kbid=307900

br,
Denis

 

[Guest]

OK, I loaded the GPO and saved it, re-opened it and it looks the same as it
does everywhere else: Computer Configuration/Administrative Templates/Network
still only contains 'Offline Files' and 'Dialup & Network Connections.' No
mention of DNS except in Computer Configuration/Administrative
Templates/System and it's just "DNS Suffix."

FYI, i searched in SYSVOL for all ADM files and it seems none of their Date
Modified has changed at all in 2005. Wouldnt that mean that the XP box has
NOT overwritten the W2K Server's?

 

[Denis Wong @ Hong Kong]

Hi,

This KB describes very clearly about how ADM files are managed. You should
take a look.

Recommendations for managing Group Policy administrative template (.adm)
files
http://support.microsoft.com/?kbid=816662

Yes, your server files did not get updated. That's the question.

Did you set the setting "Turn Off Automatic Updates of ADM Files"?

br,
Denis

 

[Guest]

ok, i think i got it. i used those downloaded XPSP2 ADM files and copied
them to the GPO's policies folder in SYSVOL. now all the right settings are
back. but of course, Part One of my original post remains: why isnt it
actually applying to the XP clients? i've used gpresult to verify before,
but i'll check it all again now that the ADM files are back.

Did you set the setting "Turn Off Automatic Updates of ADM Files"?

Well, it's set now! Of course, "Always use local ADM files for Group Policy
editor" isnt an option on W2K Server. Conveniently, we're upgrading this W2K
DC to W2K3 soon. I think I'll just stop using the GPMC and just use the DC's
AD Users & Computers snap-in...

btw Denis, i'm leaving for a week-long vacation, so if i dont reply after
this afternoon for awhile, please dont think my issue is necessarily over!
thanks again for all your help so far.